[Remote] Senior Security Engineer
Note: This is a remote job open to candidates in the USA.

GXA is seeking a highly capable Security Engineer to support the delivery and operation of their gShield security services. This hands-on role focuses on incident response, security tool operations, remediation execution, client security support, and internal security improvement initiatives.

Responsibilities

- Serve as a Tier 3 escalation point for active security incidents, including business email compromise (BEC), adversary-in-the-middle (AiTM), ransomware, and account compromise
- Lead technical analysis during incident response and war room events, including log review, IOC hunting, and lateral movement tracing
- Execute containment and eradication actions such as endpoint isolation, session revocation, and credential resets
- Coordinate with SOC teams and vendor threat intelligence teams during active investigations and containment efforts
- Produce accurate incident timelines, technical findings, and evidence packages for vCISO review and client-facing follow-up
- Operate daily within the gShield toolstack, including platforms such as Huntress, Microsoft Defender for Endpoint (MDE), Cyrisma, DNSFilter, SIEM, and related security technologies
- Perform alert triage, risk identification, scan issue resolution, and follow-through on issues surfaced by security tools
- Support SIEM operations including query development, alert review, and rule tuning
- Assist in tuning detection logic, scan settings, and platform effectiveness in coordination with Centralized Services and security leadership
- Monitor for security gaps, suspicious activity, and control weaknesses across managed environments
- Execute technical remediation items identified through MRMMs, preventative actions, vulnerability reviews, and security recommendations
- Support gShield deliverables through technical validation, evidence gathering, scan review, and vulnerability analysis
- Act as a quality assurance resource for client onboarding into the gShield toolstack, while execution remains with onboarding and Centralized Services teams
- Assist with client hardening efforts and follow-through on security improvement actions across managed environments
- Support remediation of internal GXA security backlog items, including POA&M-related work
- Assist with rollout and support of phishing-resistant MFA, passkeys, and other internal security initiatives
- Contribute to security engineering efforts related to Intune, Defender, ThreatLocker, AppLocker, and RMM scripting
- Help improve internal security controls, tool effectiveness, and technical enforcement mechanisms
- Write and maintain security engineering SOPs, runbooks, detection playbooks, and response procedures related to gShield operations and incident response
- Document technical findings, repeatable procedures, and lessons learned from incidents and tool operations
- Collaborate with security leadership and technical stakeholders on process improvements, skill development, and automation opportunities
- Contribute technical depth to broader security documentation where needed, while recognizing that ownership of policy, standards, and governance documentation remains with security leadership and related functions

Skills

- 5–7+ years of experience in cybersecurity, security operations, security engineering, or incident response roles
- Strong hands-on experience with incident response, threat detection, and security operations workflows
- Experience working with security platforms such as Microsoft Defender, Huntress, DNSFilter, SIEM solutions, vulnerability management tools, and endpoint security technologies
- Ability to investigate security alerts, analyze logs, trace attacker activity, and support containment and remediation
- Familiarity with common attack types including phishing, BEC, account compromise, ransomware, and identity-based attacks
- Experience supporting security controls in Microsoft 365 and endpoint environments
- Strong documentation skills and ability to write clear technical procedures and findings
- Ability to work calmly and methodically during active incidents and escalations
- Strong collaboration and communication skills with both internal teams and leadership stakeholders
- Experience in an MSP, MSSP, or multi-client environment
- Familiarity with Intune, Microsoft Defender, AppLocker, ThreatLocker, and RMM-based scripting or automation
- Understanding of CIS benchmarks, security hardening standards, and configuration drift monitoring
- Experience supporting vulnerability remediation and technical aspects of vCISO or managed security programs
- Security certifications such as Security+, CySA+, SC-200, SC-300, AZ-500, GCIH, GCIA, or similar are a plus

Company Overview

GXA is an IT consulting company that offers disaster management, backup and data recovery, and other IT-related solutions to companies. It was founded in 2008 and is headquartered in Richardson, Texas, USA, with a workforce of 11-50 employees. Its website is https://gxait.com/.